While proofreading the config, and checking if it was up to date
according to:
- Mozilla recommandations
- SSLtest
- testssl.sh
I spotted an issue in the HSTS header:
$ curl -I https://afpy.org
[...]
Strict-Transport-Security: max-age=63072000; always
the `always` part is an nginx config token, not a cookie value.
So I simplified the conf so we can more easily copy/paste from Mozilla
generator, which obviously removed the bug.